[asterisk-commits] dbailey: trunk r63786 - /trunk/main/callerid.c

Thu May 10 14:25:06 MST 2007

Author: dbailey
Date: Thu May 10 16:25:05 2007
New Revision: 63786

URL: http://svn.digium.com/view/asterisk?view=rev&rev=63786
Log:
Added check for negative offset in cid spill to prevent infinite loops

Modified:
    trunk/main/callerid.c

Modified: trunk/main/callerid.c
URL: http://svn.digium.com/view/asterisk/trunk/main/callerid.c?view=diff&rev=63786&r1=63785&r2=63786
==============================================================================

--- trunk/main/callerid.c (original)
+++ trunk/main/callerid.c Thu May 10 16:25:05 2007
@@ -636,6 +636,12 @@
 						default:
 							ast_log(LOG_NOTICE, "Unknown IE %d\n", cid->rawdata[x - 1]);
 						}
+						if(0 > cid->rawdata[x]){	/* Negative offset in the CID Spill */
+							ast_log(LOG_NOTICE, "IE %d has bad field length of %d at offset %d\n", cid->rawdata[x-1], cid->rawdata[x], x);
+							/* Try again */
+							cid->sawflag = 0;
+							break; 	/* Exit the loop */
+						}
 						x += cid->rawdata[x];
 						x++;
 					}

